| Index: trunk/extensions/PrivateNamespaces/PrivateNamespaces.php |
| — | — | @@ -0,0 +1,99 @@ |
| | 2 | +<?PHP |
| | 3 | +/* |
| | 4 | + * Created on 20 July, 2007 |
| | 5 | + * |
| | 6 | + * PrivateNamespaces extension for MediaWiki 1.9.0+ |
| | 7 | + * |
| | 8 | + * Copyright (C) 2007 Daniel Cannon (cannon.danielc at gmail.com) |
| | 9 | + * |
| | 10 | + * This program is free software; you can redistribute it and/or modify |
| | 11 | + * it under the terms of the GNU General Public License as published by |
| | 12 | + * the Free Software Foundation; either version 2 of the License, or |
| | 13 | + * (at your option) any later version. |
| | 14 | + * |
| | 15 | + * This program is distributed in the hope that it will be useful, |
| | 16 | + * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| | 17 | + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| | 18 | + * GNU General Public License for more details. |
| | 19 | + * |
| | 20 | + * You should have received a copy of the GNU General Public License along |
| | 21 | + * with this program; if not, write to the Free Software Foundation, Inc., |
| | 22 | + * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
| | 23 | + * http://www.gnu.org/copyleft/gpl.html |
| | 24 | + */ |
| | 25 | + |
| | 26 | + |
| | 27 | +/** |
| | 28 | + * A really simple extension to allow for making certain namespaces |
| | 29 | + * "private"--that is, to prevent users lacking necessary rights from |
| | 30 | + * reading, editing, moving, etc., any page in that namespace. It |
| | 31 | + * should cover transclusion, searching (though the titles will still |
| | 32 | + * be visible), diffs, Special:Export, history paging, etc. |
| | 33 | + * |
| | 34 | + * NOTE: MediaWiki is designed to make content _open_, not to restrict |
| | 35 | + * access to content. As such code such as this that prevents read |
| | 36 | + * access is generally very fragile. While it has been tested under a |
| | 37 | + * variety of set-ups, and most methods of circumvention have been |
| | 38 | + * addressed, it should not be fully trusted as "secure". Be especially |
| | 39 | + * careful when installing new extensions as they may open up a variety |
| | 40 | + * of new ways to get around what this code aims to do. |
| | 41 | + * |
| | 42 | + * USAGE: |
| | 43 | + * Add require_once("$IP/extensions/PrivateNamespaces/PrivateNamespaces.php"); |
| | 44 | + * to your LocalSetings.php. |
| | 45 | + * |
| | 46 | + * To restrict access to a namespace with the id '100' to a group with |
| | 47 | + * the right "foobar" add: |
| | 48 | + * $wgPrivateNamespaces[100] = 'foobar'; |
| | 49 | + * |
| | 50 | + */ |
| | 51 | + |
| | 52 | +/** |
| | 53 | + * An array mapping namespace ids to the right needed to view or edit |
| | 54 | + * pages in the namespace. |
| | 55 | + */ |
| | 56 | +$wgPrivateNamespaces = array(); |
| | 57 | + |
| | 58 | +/** |
| | 59 | + * Hook userCan to perform additional validation checks. |
| | 60 | + */ |
| | 61 | +$wgHooks['userCan'][] = 'wfCheckIfPrivate'; |
| | 62 | + |
| | 63 | +/** |
| | 64 | + * Hook BeforeParserFetchTemplateAndtitle to perform validation checks |
| | 65 | + * when transcluding. |
| | 66 | + */ |
| | 67 | +$wgHooks['BeforeParserFetchTemplateAndtitle'][] = 'wfCheckPrivateTransclude'; |
| | 68 | + |
| | 69 | +/** |
| | 70 | + * Perform the checks. If the namespace is in $wgPrivateNamespaces |
| | 71 | + * then the user must have the specified right in order to perform |
| | 72 | + * any action on the page. |
| | 73 | + */ |
| | 74 | +function wfCheckIfPrivate( $title, $user, $action, &$result) { |
| | 75 | + global $wgPrivateNamespaces; |
| | 76 | + if ( in_array( $title->getNamespace(), $wgPrivateNamespaces ) ) { |
| | 77 | + if ( !$user->isAllowed( $wgPrivateNamespaces[ |
| | 78 | + $title->getNamespace() ] ) ) { |
| | 79 | + $result = false; |
| | 80 | + return false; |
| | 81 | + } |
| | 82 | + } |
| | 83 | + |
| | 84 | + return true; |
| | 85 | +} |
| | 86 | + |
| | 87 | +/** |
| | 88 | + * Prevent the transcluding of a page whose read access is prevented by |
| | 89 | + * $wgPrivateNamespaces. NOTE: It may still be possible for a user who |
| | 90 | + * has read access to a page to transclude in a public page and for that |
| | 91 | + * to then be cached and made visible to other users who shouldn't have |
| | 92 | + * access to the content. We should, however, be able to hope that those |
| | 93 | + * with restricted access would know better than to do so, however. |
| | 94 | + */ |
| | 95 | +function wfCheckPrivateTransclude( $parser, $title, &$skip, $id ) { |
| | 96 | + global $wgUser; |
| | 97 | + if ( !wfCheckIfPrivate( $title, $wgUser, 'read', $empty ) ) |
| | 98 | + $skip = true; |
| | 99 | + return true; |
| | 100 | +} |
| Property changes on: trunk/extensions/PrivateNamespaces/PrivateNamespaces.php |
| ___________________________________________________________________ |
| Added: svn:eol-style |
| 1 | 101 | + native |